Overview

overview

4

Static

static

1

URLScan

urlscan

http://xmh57jrknzkhv...

windows10-1703-x64

4

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-02-2024 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://xmh57jrknzkhv6y3ls3ubitzfqnkrwxhopf5aygthi7d6rplyvk3noyd.onion/

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "http://xmh57jrknzkhv6y3ls3ubitzfqnkrwxhopf5aygthi7d6rplyvk3noyd.onion/"
    1⤵
      PID:1844
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1860
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:316
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4800
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2256
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2196
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:2156
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:196
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4136
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:936

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BDNVZVVU\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\659Q26ZR\futura-bold[1].otf
      Filesize

      27KB

      MD5

      fdc3307ae96cca471174fe427ad16639

      SHA1

      4acca6749045d414d333cdb1821d936816362812

      SHA256

      215c175ce595d0f42bc1f703ef94ecbf6f45dc875cdbfd7ea59d9d8b28467cf9

      SHA512

      a245f93cdc3b21aee56c2063738b321e5caaf9cb2c9bc32cfe17c174d68de0e9e6b89992ae133fe8172800df09d2e9004dc85a63877430f3c1f09500a9e940c8

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HA1O3U8C\futura[1].otf
      Filesize

      26KB

      MD5

      921351f146d78d55c8030239527bf2d6

      SHA1

      b97134d14404e5eb9ea1efe0988edbfd3788dd77

      SHA256

      61f2af8ff6f2c88182142524af5c321547ea30dcc9bce77726856a45b0381fb7

      SHA512

      c4e7470dcded4c2e08be3e8789629f84f9f85f5bc848842b7602aa8ad039577644735bc7a16d48f392dc3414baaca0310f1baa8ab4cab16200a8d27ef2c82802

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\THQUAUJQ\futura-heavy[1].otf
      Filesize

      25KB

      MD5

      0d7fbc4cc43a12f3fea29c8b55ed1a62

      SHA1

      3d6abbbb899d8857e2361a3556050a66e571e52f

      SHA256

      5dbabe7eaf6aeb95d6fff3b60a30c95adb9605bf8e19d8f6f482b72afb3367c8

      SHA512

      77eb8996e8e1460cb9572c1c86d8fbbe7233810011e3aa92e589b6493d3a8190b5b4fa01f535f3d6ecdad0902b814f64583f5abf8df471279d5f55da37e6a9c2

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\THQUAUJQ\lydian-bold-italic[1].otf
      Filesize

      32KB

      MD5

      112dd7953680138d6f7c056d7814f712

      SHA1

      acd3582689ada1a31266de93f488993fc7e1077c

      SHA256

      e7ee0b3f2b3c95e947f9ebed8e67e3c87229b4b02716f129ed50bcb3e72a8f3b

      SHA512

      a292fdedf057b02a50117737b171d57de3abe486093e22e62743d890818371ede46a59822935eccf83949cda55ca2bca7723fe14d5cbd8957d1a0d04828dfa9a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\THQUAUJQ\main[1].css
      Filesize

      5KB

      MD5

      aeb8c3d3202f50780f472149e5e31558

      SHA1

      51934c25235ffa8bf988e48ec6e9dbfb3f9866d2

      SHA256

      8011faa398e6caf5aa7e05949700f2046deb98d6b2a9f07ac45b44dca299feb0

      SHA512

      c37c8933f37764c46f61a02aba74ad0bd60a7cfa31fa3bd9dfb21b6575f70f2324c3f38ba698a57ca13356f0d7108fa055861cc62426f799ff2bfd91735f6a92

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\THQUAUJQ\style[1].css
      Filesize

      2KB

      MD5

      59db84320c66e084f9d7c6cd7dd60d8b

      SHA1

      89c00016214e6fb466c206d1c75382227a0cf572

      SHA256

      92637495a72b6c67c74728e6762473d518ca3081e67d994cec214c17067db41a

      SHA512

      c62c883e345dbfda2de98ae362db74fe25596ee4137271ace934fd35634979b76b5b733de037d2afa0a6e5f1464c85ab86959f7d47cb600df712398ca41f7e02

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZJQODHLA\futura-italic[1].otf
      Filesize

      27KB

      MD5

      c961c9b1802e79ea12dcfe89bd016753

      SHA1

      1e534ff9d2173cafe9874c30e0c7736926d03bf6

      SHA256

      d93415cbaf7a4c4e8f24e12f707641159f89a28019e48474251f1354485d90dd

      SHA512

      0e7dce883b8cceef2a97788cd65fc5066fb60a757cebb6783ae6e26e67ce97d3d5302c75ba728adf7d843c0fcf6e003c4a54ed9bf26e5e5183ef867ee7ec3a9a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZJQODHLA\lydian-bold[1].otf
      Filesize

      31KB

      MD5

      df1921b119f776765091e2a62995f09f

      SHA1

      8e0968542525b048ea004ea04854f64c99a24e09

      SHA256

      348824756a7ede049c072d1335e50efdc4597d60ddeb047eb6db38453265a3a6

      SHA512

      0a86abbe5122bc8c410207874561853894df30cbb02a01a5fed11cdb09145ef8e41ac911c5bac96dfc75e00985c94c5fe3b8765d838da66e420b66e7776fd514

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZJQODHLA\mobile[1].css
      Filesize

      481B

      MD5

      d33d128878e2ca7a016de7f3c9deac97

      SHA1

      572860891b15643d0c44017a449788f2873e962e

      SHA256

      18b2329126376bd1b2741f94ada2e3bd8f13a0b921245868a09ebe7cfe870599

      SHA512

      f0819e42a5d1b82dbd8d3440dcfe6e49d8cdef72a1911c1e44300e93b802acb537bc936006db6a5ec783419e66021db23d59bf950cb399b2502bc7798a8bed77

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9L5EAXS7\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q70W6GLJ\favicon[1].ico
      Filesize

      397B

      MD5

      8e169464c6b12058eba68f1fca9f33fa

      SHA1

      b72c5fedf2e8e9df697bb51f0d4a102c683bcf99

      SHA256

      5e71b10feb93d8a3e29b20de31c7501b6de2b3aa029d2c04f0bfe904e398e126

      SHA512

      2167002b7dd91d060a8fe591269a6f8728732dd421dff0ee29e0f480f20501ea979a7b514c81231234418eae528f885e84339434a17873afc9a4448b7b98a0f9

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF1F22A4AB9085CC26.TMP
      Filesize

      16KB

      MD5

      e78b06ec04be98b2210c6ac25c2b1bde

      SHA1

      d5f7fea22fe1d2def7bda16ea348b5afdd2520f8

      SHA256

      91f8b42aa257bf2ec0d8496479a141f6dffb3c2514d741595afacfa90ce2e530

      SHA512

      729d3c65c53e0718cad9e29cb8a5a9473eef54d297deaa29b727105ee72f147d920d44e04a21c642f4c80535353072cfccf50423dba3f5b6ab1f6a5f47cb5178

      Download Submit

    • memory/316-109-0x0000024260E00000-0x0000024260E91000-memory.dmp

      Filesize

      580KB

      Download

    • memory/316-125-0x0000024260E00000-0x0000024260E91000-memory.dmp

      Filesize

      580KB

      Download

    • memory/1860-0-0x000001F4CB520000-0x000001F4CB530000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1860-35-0x000001F4D0C60000-0x000001F4D0C62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1860-16-0x000001F4CBB00000-0x000001F4CBB10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1860-223-0x000001F4D3AB0000-0x000001F4D3AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1860-222-0x000001F4D3AA0000-0x000001F4D3AA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1860-244-0x000001F4D39D0000-0x000001F4D3A61000-memory.dmp

      Filesize

      580KB

      Download

    • memory/2196-278-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-290-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-279-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-280-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-281-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-282-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-283-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-284-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-286-0x00000216E3C00000-0x00000216E3D00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-288-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-289-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-274-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-291-0x00000216E2000000-0x00000216E2100000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-205-0x00000216E0700000-0x00000216E0800000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-200-0x00000216E0700000-0x00000216E0800000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-195-0x00000216E0700000-0x00000216E0800000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2196-68-0x00000216DF8F0000-0x00000216DF8F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2196-66-0x00000216DF8D0000-0x00000216DF8D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2196-64-0x00000216DF8C0000-0x00000216DF8C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2196-62-0x00000216DF8A0000-0x00000216DF8A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2196-57-0x00000216DF0B0000-0x00000216DF0B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2196-55-0x00000216CEA90000-0x00000216CEA92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2196-52-0x00000216CEA60000-0x00000216CEA62000-memory.dmp

      Filesize

      8KB

      Download